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herein by reference. 
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is incorporated herein by reference. 

U.S. Patent Application Number entitled "A Method And 
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Sunay Tripathi and E. Nordmark, filed is incorporated herein by 

reference. 
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Tripathi and Bruce Curtis, filed is incorporated herein by 

reference. 
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U.S. Patent Application Number entitled "A Method For 

Batch Processing Received Message Packets" by Sunay Tripathi and S. 
Kamatala, filed is incorporated herein by reference. 

U.S. Patent Application Number entitled "A Method and 

System For Transmitting Packet Chains" by Sunay Tripathi, Bruce Curtis and C. 
Masputra, filed is incorporated herein by reference. 

BACKGROUND 

Computer systems typically utilize a layered approach for implementing 
functionalities relating to communications frameworks where a layer is a program 
module for processing different portions of data traveling from a producer to a 
consumer. Each protocol (e.g., TCP, IP, etc.) is implemented as a layer and 
each connection can be visualized as a layer of protocol modules through which 
each incoming or outgoing packet has to pass. Each layer examines the data to 
determine if any work needs to be performed by that layer before sending the 
data to the next layer. 

20 Conventional accept mechanisms process new connections on the 

listener and the three-way handshake and connection indication are done in the 
listener context. The messages used to perform the accept of a new connection 



10 



15 
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are sent on the listener stream and the listener stream is single threaded during 
the accept process. As a result, the listener can become a bottleneck during 
times of heave traffic because the listener can not accept new connections while 
processing other connections. 
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SUMMARY 

In accordance with an embodiment of the present invention the connection 
setup handling on the server's endpoint is shared between a listener stream and 
an acceptor stream. More specifically, the listener stream on the server waits for 

5 a connection (e.g., connection indicator), creates a connection data structure 
(e.g., connj) specific to the new connection, sets up an acceptor communication 
stream and processes the communication between the client and the server on 
the new stream. In one embodiment of the invention, the TPI (transport provider 
interface) messages including a T_CONN_IND signal (connection indicator), a 

10 T_CONN_RES signal (connection response), and a T_CONN_ACK signal 
(connection acknowledgement) are passed along the listener and acceptor 
streams. 



For example, on receiving a T_CONNJND message from the transport 
15 layer (e.g., TCP layer), the socket layer creates a new stream, generates a 
connection data structure for the new connection and passes a T_CONN_RES 
message to the TCP layer. The TCP layer then swaps an already created eager 
connection with the newly created stream and sends a T_CONN_ACK signal 
acknowledgement to the sockfs on the listener stream. The listener on the 
20 server can be the bottleneck in a heavily loaded system, where there are 

simultaneous connection indicators on the same listener. The present invention 
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offloads a portion of the load assigned to the listener during the connection setup 
process thus achieving higher performance. 



Embodiments of the present invention include a computer implemented 
5 method for connecting a server system to a client where the method includes 
receiving a TCP connection on a server from a client, wherein the TCP 
connection is received by a first TCP control block coupled to a first 
communication stream and coupled to a socket on the server. After receiving the 
TCP connection, the method includes creating a connection structure specific to 

10 the new connection, creating a second TCP control block on the server; sending 
a connection indicator from the first TCP control block to the socket and creating 
a second communication stream between the socket and the second TCP control 
block. After the second TCP control block is created, and after a connection 
indicator is sent from the first TCP to the socket, the method further includes 

15 transferring the TCP connection from the first communication stream to the 

second communication stream; and returning a connection response to the client 
through the second TCP control block and through the second communication 
stream. By offloading a portion of the communication processing from the 
listener stream to the acceptor stream, the listener stream can service a new 

20 client faster, thus reducing latency and easing a critical bottleneck in a server 
system. 
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Embodiments of the present invention provide an accept mechanism that 
establishes an incoming connection in its own perimeter as soon as a SYN (e.g., 
connection indicator) packet arrives. The connection indication is sent to the 
listener on the listener's stream and the accept messages are sent over the 
5 newly created acceptor stream. As a result, sockfs is not single threaded at any 
time during the accept processing. 

These and other objects and advantages of the present invention will no 
doubt become obvious to those of ordinary skill in the art after having read the 
10 following detailed description of the preferred embodiments, which are illustrated 
in the various drawing figures. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The accompanying drawings, which are incorporated in and form a part of 
this specification, illustrate embodiments of the invention and, together with the 
5 description, serve to explain the principles of the invention as set forth in the 
Claims. 

Figure 1 is a logical block diagram of an exemplary embedded computer 
or server system comprising a plurality of processors in accordance with an 
10 embodiment of the present invention. 

Figure 2 is a block diagram of an exemplary server-client system wherein 
a three-way handshake is used to create a communication connection in 
accordance with an embodiment of the present invention. 

15 

Figure 3 is a block diagram of an exemplary communication connection 
comprising a user application layer, a kernel layer and a network access layer in 
accordance with an embodiment of the present invention. 

20 Figure 4 is a block diagram of an exemplary server system wherein 

packets associated with a connection are assigned, routed and processed by the 
same processor in accordance with an embodiment of the present invention. 
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Figure 5 is a block diagram of an exemplary connection structure used to 
classify a connection in accordance with an embodiment of the present invention. 

5 Figure 6A is a block diagram of an exemplary server system showing a 

TCP connection between a client and a server in accordance with an 
embodiment of the present invention. 

Figure 6B is a block diagram of an exemplary server system wherein a 
10 new path is created after a connection response is sent from a socket to a TCP 
on a server in accordance with an embodiment of the present invention. 

Figure 7 is a flow diagram of an exemplary process for processing a 
connection on a multi-processor server system in a vertical perimeter 
15 communication environment in accordance with embodiments of the present 
invention. 
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DESCRIPTION 

Reference will now be made in detail to the preferred embodiments of the 
invention, examples of which are illustrated in the accompanying drawings. 
While the invention will be described in conjunction with the preferred 
5 embodiments, it will be understood that they are not intended to limit the 

invention to these embodiments. On the contrary, the invention is intended to 
cover alternatives, modifications and equivalents, which may be included within 
the spirit and scope of the invention as defined by the appended claims. 
Furthermore, in the following detailed description of the present invention, 

10 numerous specific details are set forth in order to provide a thorough 

understanding of the present invention. However, it will be obvious to one of 
ordinary skill in the art that the present invention may be practiced without these 
specific details. In other instances, well-known methods, procedures, 
components, and circuits have not been described in detail as not to 

15 unnecessarily obscure aspects of the present invention. 

Notation and Nomenclature 
Some portions of the detailed descriptions that follow are presented in 
terms of procedures, logic blocks, processing, and other symbolic 
20 representations of operations on data bits within a computer memory. These 
descriptions and representations are the means used by those skilled in the data 
processing arts to most effectively convey the substance of their work to others 
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skilled in the art. A procedure, logic block, process, etc., is here, and generally, 
conceived to be a self-consistent sequence of steps or instructions leading to a 
desired result. The steps are those requiring physical manipulations of physical 
quantities. Usually, though not necessarily, these quantities take the form of 
5 electrical or magnetic signals capable of being stored, transferred, combined, 
compared, and otherwise manipulated in a computer system. It has proven 
convenient at times, principally for reasons of common usage, to refer to these 
signals as bits, bytes, values, elements, symbols, characters, terms, numbers, or 
the like. 

10 

It should be borne in mind, however, that all of these and similar terms are 
to be associated with the appropriate physical quantities and are merely 
convenient labels applied to these quantities. Unless specifically stated 
otherwise as apparent from the following discussions, it is appreciated that 

15 throughout the present invention, discussions utilizing terms such as "receiving," 
"creating," "connecting," "transferring," "sending," "updating," "entering", 
"computing" or the like, refer to the action and processes (e.g., process 700) of a 
computer or computerized server system or similar intelligent electronic 
computing device, that manipulates and transforms data represented as physical 

20 (electronic) quantities within the computer system's registers and memories into 
other data similarly represented as physical quantities within the computer 
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system memories or registers or other such information storage, transmission or 
display devices. 

Referring now to Figure 1 , a block diagram of exemplary computer system 
5 12 is shown. It is appreciated that computer system 12 of Figure 1 described 
herein illustrates an exemplary configuration of an operational platform upon 
which embodiments of the present invention can be implemented. Nevertheless, 
other computer systems with differing configurations can also be used in place of 
computer system 12 within the scope of the present invention. For example, 
10 computer system 12 could be a server system, a personal computer, an 
embedded computer system or a system in which one or more of the 
components of the computer system is located remotely and accessed via a 
network. 

15 Computer system 12 may include multiple processors and includes an 

address/data bus 10 for communicating information, a central processor 1 
coupled with bus 10 for processing information and instructions, a cache 16 
coupled to bus 10 for temporarily storing data, a volatile memory unit 2 (e.g., 
random access memory, static RAM, dynamic RAM, etc.) coupled with bus 10 for 

20 storing information and instructions for central processor 1 and a non-volatile 
memory unit 3 (e.g., read only memory, programmable ROM, flash memory, 
EPROM, EEPROM, etc.) coupled with bus 10 for storing static information and 
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instructions for processor 1 . Computer system 12 may also contain an optional 
display device 5 coupled to bus 10 for displaying information to the computer 
user. Moreover, computer system 12 also includes a data storage device 4 (e.g., 
disk drive) for storing information and instructions. 

5 

Also included in computer system 12 of Figure 1 is an optional 
alphanumeric input device 6. Device 6 can communicate information and 
command selections to central processor 1 . Computer system 12 also includes 
an optional cursor control or directing device 7 coupled to bus 10 for 

10 communicating user input information and command selections to central 

processor 1. Computer system 12 also includes signal communication interface 
8, which is also coupled to bus 10, and can be a serial port. It is noted that the 
components associated with system 800 described above may be resident to 
and associated with one physical computing device. However, one or more of 

15 the components associated with system 800 may be physically distributed to 
other locations and be communicatively coupled together (e.g., via a network). 



VERTICAL PERIMETER PROTECTION 
A TCP connection provides for full duplex data transfer. That is, 
20 application-level data can be transferred in both directions between two hosts. 
For example, if there is a TCP connection between process A on one host and 
process B on another host, then application-level data can flow from A to B at the 
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same time as application-level data flows from B to A. A TCP connection is also 
point-to-point, e.g., between a single sender and a single receiver. As a result, 
multicasting (the transfer of data from one sender to many receivers in a single 
send operation) is not generally performed with TCP. 

5 

When a process running in one host needs to initiate a connection with 
another process in another host, a TCP connection is required. The host that is 
initiating the connection is called the "client," while the other host is called the 
"server." These connotations will be used herein. The client application process 
10 first informs the client TCP layer that it needs to establish a connection to a 
process in the server. 



Generally, the TCP layer in the client then proceeds to establish a TCP 
connection with the TCP layer in the server. The client first sends a special TCP 

15 segment, the server responds with a second special TCP segment; and the client 
responds again with a third special segment. The first two segments contain no 
"payload," e.g., no application-layer data. The third of these segments may carry 
a payload. Because three segments are sent between the two hosts, this 
connection establishment procedure is often referred to as a three-way 

20 handshake. 
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Figure 2 is a data flow diagram of an exemplary server-client system 200 
wherein a three-way handshake is executed to make a TCP connection between 
the server 204 and the client 208. The three-way handshake is initiated from the 
client 208 with a "SYN" (SYNC) message 210 from one unique address to the 
5 TCP/IP server 204. The SYN message notifies the server 204 that the client 208 
needs to communicate. The client 208 first sends the server 204 its address (this 
is part one of the three way handshake) and the server 204 creates a new 
connection structure 'connj' to handle this connection. This conn_t is also 
referred to as an 'eager conn_t'. The server then inserts the 'eager conn_f in the 

10 IP classifier such that all future incoming packets for this connection can find the 
'eager conn_t' after classification. This method is advantageous compared to 
standard TPI implementation where the 'eager connj' is stored in a private table 
accessible only from listener requiring the listener to handle the 3 rd step of the 
three-way handshake and any subsequent data packets that client sends before 

15 new STREAM is created. The server 204 then sends a "SYN/ACK" 

(SYNC/acknowledgement) message 214 back to the client 208 to let the client 
know that it can begin to communicate with the server 204 (this is part two of the 
three-way handshake). The client 208 then sends an ACK message back to the 
server 204 and begins communication with the server (this is part three of the 

20 three-way handshake). The ACK and any subsequent data packets are 

processed on the 'eager connj' already established to handle this connection. 
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Figure 3 is a software layer illustration of a communication connection 300 
comprising a user application layer 310, a kernel layer 320 and a network access 
layer 330. In accordance with the embodiment of Figure 3, user application layer 
310 comprises a user application 31 1 that provides a set of services for clients 
5 over the networks. 

Kernel layer 320 comprises a variety of modules that perform specific 
functions when passing message packets upstream (e.g., from network access 
layer 330 to user application layer 310) and downstream (e.g., from user 

10 application layer 31 0 to network access layer 330). In accordance with an 

embodiment of the present invention, kernel layer 320 comprises protocol layers 
including socket module 321 , transfer control protocol (TCP) module 322, and 
Internet protocol (IP) module 323. The modules comprising kernel layer 320 can 
be mapped to corresponding layers of the TCP/IP suite of protocols. That is, 

15 socket module 321 corresponds to the application layer of the TCP/IP protocol. 
Similarly, TCP module 322 and IP module 323 correspond to the transport and 
network layers, respectively of the TCP/IP suite of protocols. It is appreciated 
that in embodiments of the present invention, communication connection 300 
may utilize other modules (e.g., a firewall module) in kernel layer 320. 

20 Furthermore, it is appreciated that the connection state for individual modules of 
connection 300 may be incorporated into a single connection structure called 
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'conn*, wherein the modules are not distinct modules, but a culmination of 
modules merged together (e.g., a merged TCP/IP module). 

Network access layer 330 provides physical access to communications 
5 network and corresponds to the network interface layer of the TCP/IP suite of 
protocols. Network access layer 330 comprises a device driver 331 and a NIC 
332. It is appreciated that once a connection is established, it is generally 
maintained on the same NIC (e.g., once a connection is established on a 
particular NIC, all subsequent packets of that connection will be sent and 
10 received on the same NIC). The process and hardware required to maintain a 
connection on the same NIC are well known in the art. Any number of well- 
known protocol layers 321-323 can be used in accordance with the present 
embodiment. 



15 Figure 4 is an illustration of an exemplary multiprocessor server system 

400 comprising a plurality of network interface cards (NICs), e.g., NICs 422, 424, 
and 426 that provide a connection interface to a client (e.g., a port) in accordance 
with the an embodiment of present invention. Exemplary server 400 also 
comprises a plurality of central processing units (CPUs) or processors wherein 

20 each NIC is assigned to a specific CPU (e.g., NIC 422 is assigned to CPU 410). 
The present embodiment provides a system for per CPU synchronization called 
"vertical perimeters" inside a merged TCP/IP module. The vertical perimeter is 
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implemented using a serialization queue, or data structure called 'squeue' in one 
embodiment. Table 1 comprises an exemplary data structure for 'squeue' in 
accordance with one embodiment of the present invention. 





TABLE 1 






5 


#define 


SQS_PROC 0x0001 




typedef struct squeue { 






int_t 


sqjlag; 


/* Flags tells squeue status V 




kmutex_t 


sqjock; 


/* Lock to protect the flag etc V 


10 


mblk_t 


*sq_first; 


/* First Queued Packet */ 




mblk_t 


*sq_last; 


/* Last Queued Packet V 




threadj 


sq_worker; 


/* the worker thread for squeue */ 




} squeue_t; 







15 

The functionality of the queue is described as follows. Each CPU of the 



server system has an associated 'squeue' (serialization queue) for queuing 
packets destined for the associated CPU (e.g., "squeue* 416 queues packets 
destined for CPU 410). In addition, each CPU has an optional limited amount of 

20 associated cache memory for storing connection information for current 

connections amongst other information CPU needs. For example, cache 404 is 
associated with CPU 410 and could store information about connections 
associated with CPU 410. For example, embodiments of the present invention 
use a connection data structure called 'conn 1 that classifies each connection and 

25 provides routing information such that all packets associated with the connection 
are routed to a single assigned processor. The details of the 'conn' connection 
structure are discussed in greater detail below. Both 'conn' and 'squeue' data 
structures can reside in a computer readable memory. 
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As described further below, the 'squeue' data structure queues tasks to be 
performed by its associated processor. In one embodiment of the present 
invention this includes the processing of a communication packet that may be 

5 associated with a TCP connection. In accordance with embodiments of the 
present invention, once the processing starts for a data packet, the same 
processor will process the packet through the protocol layers 321-323 (Figure 3) 
without requiring additional locks or queuing the packet between protocol layers. 
Furthermore, the same processor will similarly process all other packets of that 

10 TCP connection. 



As described below, 'conn' data structure is used and associated with a 
TCP connection and stores a pointer to the 'squeue' its associated with and can 
be used to route packets to their respective processors. This is true for in-bound 
15 and out-bound packets. 



The connection data structure ('conn') lookup for inbound packets is done 
outside the perimeter, using an IP connection classifier, as soon as a packet 
reaches the IP portion of the merged TCP/IP module. Based on the 
20 classification, the 'conn' (connection structure) is retrieved from a memory 
resident connection classifier hash table (conn_t) table 402. For new 
connections, creation of 'conn', assigning it to a 'squeue' and inserting it in the 
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connection classifier hash table (e.g., conn J 402) happens outside the vertical 
perimeter. As a result, all packets for the same connection are processed on the 
'squeue' to which it is bound. Advantageously, processing all packets associated 
with a connection on the same processor decreases processing time for the 
5 packet by reducing data state conflicts between protocol layers, for instance. 
Furthermore, a localized cache can be used in accordance with embodiments of 
the invention to further decrease processing time. 

When a packet is received from a NIC (e.g., NIC 424), an interrupt thread 
10 classifies the packet and retrieves the connection structure (e.g., 'conn') and the 
instance of the vertical perimeter or 'squeue', on which the packet needs to be 
processed. For a new incoming connection, the connection is assigned to the 
vertical perimeter instance attached to the interrupted CPU associated with the 
NIC, on which the connection was received. For outbound processing, the 'conn' 
15 can also stored in the file descriptor for the connection so that the 'squeue' can 
be retrieved from the 'conn'. 

Vertical perimeters advantageously assure that only a single thread can 
process a given connection at any time, thus serializing access to the TCP 
20 connection structure by multiple threads (from both read and write sides) in a 
merged TCP/IP module. Compared to a conventional STREAMS QPAIR 
perimeter, a vertical perimeter protects the whole connection state from IP to 
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sockfs instead of merely protecting a module instance. As discussed further 
below, once a packet is being processed through the protocol layers by its 
processor, the thread is usually not interrupted unless to schedule a new task on 
its queue. 

5 

Figure 5 is a block diagram of an exemplary 'conn 1 (connection data 
structure) 402 in accordance with an embodiment of the present invention. The 
'conn J' 402 stores information specific to a connection established on a server 
(e.g., server 400 from Figure 4). When a new connection is established, a 

10 'conn J' is automatically created and stored in a memory resident database. The 
'conn_f, in one embodiment of the present invention, comprises a connection 
state 506, and a 'squeue' 508 to which it is attached. It is appreciated that the 
'conn' can also include various other entries to facilitate the processing of 
packets associated with the particular connection. In one embodiment of the 

15 invention, the squeue 508 also comprises a CPU identifier that defines a single 
processor for which the squeue is processed on. 



Table 2 illustrates an exemplary connection structure ('conn) used in one 
embodiment of the present invention. 

20 
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5 



TABLE 2 




typedef struct conn { 




uint32_t conn_ref; 


/* Reference counter */ 


u i nt32__t con n_f lags ; 


/* Flags 7 


squeue_t *conn_sqp; 


/* squeue the conn will be processed on */ 


/* Other connection state 7 




} conn_t; 





In one embodiment of the invention, when a packet is received, 
classification information (e.g., connection address information) is retrieved from 

15 the header portion of the packet and a hash index is computed based on which 
the associated 'conn' is retrieved from the CPU and squeue identifier 508. If an 
entry is not found, a 'conn' is created using the connection address information 
as the connection identifier. The 'squeue' identifier 508 defines the specific CPU 
that the connection is assigned to and is also stored in the 'conn'. This 

20 information routes packets for this connection to the proper processor. 

Figure 6A illustrates an exemplary implementation of a server architecture 
used to make a connection between a server 670 and a client 660. To set-up a 
TCP connection, a client 660 initiates a connection request with a server 670 by, 
25 for example, dialing in to a modem pool, which is intercepted by point-to-point 
stack software, which conforms information received to the Listener TCP 604, 
which obtains a new socket 601 (from Figure 6B) for connecting the client 660 to 
the server 670. In one embodiment of the invention, a listener 655 on server 670 
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listens for connections with a client 660. The client 660 makes the connection 
with the server 670 by sending the server a TCP connection request 617. 

In response to the TCP connection request (SYN) 617 sent by the client, 
5 the server sets-up a new TCP control block (e.g., TCP layer) 610 to 

communicate with the client TCP 624. In one embodiment, the server identifies 
connection attributes (e.g., local IP address, remote IP address, local port and 
remote port addresses) and creates a connection structure "conn" (e.g., conn 
data structure 402) and inserts it in the classifier table. The data structure 

10 contains protocol state information and is also used to route subsequent data 
packets associated with the connection to the same processor of a multi- 
processor server system. The listener TCP 604 then replies back with a SYN- 
ACK 618 message. The client TCP 624 receives the SYN-ACK and responds 
with a ACK 619 to complete the three-way handshake and is free to send any 

15 data afterwards. The ACK 61 0 is received by the Server 670 which classifies the 
packet and finds the TCP 610 and passes the packet to the new TCP control 
block 61 0 on the server 670 will communicate with the TCP layer 624 on the 
client 660 after the connection setup is complete. TCP 61 0 sends a connection 
indicator to listener socket 610. All this while, the listener STREAM 655 is free to 

20 process other connection requests. 
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Figure 6B illustrates an implementation of a server architecture used to 
make a connection between a server 670 and a client 660. Specifically, Figure 
6B illustrates a newly created communication path (acceptor path 656) after the 
connection indication, for example, a T_CONN JND message 630 is sent from 
5 the TCP connection 610 to the socket 601 . Once the acceptor path 656 is 
created, TCP control block 610 is tied to the STREAM 656 by means of socket 
601 sending a T_CONI\LRES on the acceptor STREAM 656 and communication 
between the client 660 and the server 670 is done over the acceptor path 656. 
The listener path 655 is available to service new clients and is not required to 

10 complete the setup of new connection other than receiving a connection request 
617, creating a new TCP control block 610 and processing the connection 
indication 630. These steps are done asynchronously and listener doesn't need 
to be single threaded at any point (e.g., listener can service other connection 
request in between any of the steps). In response to the connection indicator 

15 630, the socket 601 replies to TCP 610 with a connection response message 
632, for example T_CONN_RES , that notifies the TCP 604 that a new path is 
set-up and the connection should be transferred to the newly created TCP 610. 
The new path will connect the new TCP control block 610 with the client 660. 
The new path 656 will process the rest of the connection accept process. In one 

20 embodiment of the invention, the listener stream is not single threaded during the 
accept of a new connection. 
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Figure 7 is a flow diagram of an exemplary process for processing a 
connection on a multi-processor server system in accordance with embodiments 
of the present invention. Step 701 comprises receiving a connection indicator 
packet on a listener that is associated with a connection to be established. In 
5 one embodiment of the invention, the connection indicator packet is a SYN 
packet associated with a three-way handshake used to establish a connection, 
for example between a client and a server. In one embodiment of the invention, 
the listener is a module responsible for processing new connections on a server 
system. In response to the connection request packet, in step 703, a data 
10 connection structure is generated that defines the connection state for the 
connection and the connection is also assigned to a single processor. In one 
embodiment of the invention, the connection structure is a conn_t data structure. 
In step 705, the path transmits a first acknowledgement packet in response to the 
connection request wherein the listener is free to process subsequent packets. 

15 

In one embodiment of the invention, the listener is not single threaded 
while processing a connection. In step 707, the path receives a second 
acknowledgement packet to establish the connection on the processor. In one 
embodiment of the invention, the first and second acknowledgement packets are 
20 associated with a three-way handshake. In step 709, the path processes a 
plurality of packets on the single processor associated with the connection 
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wherein the packets are identified with the path based on the data structure 
generated in step 703. 



The accept mechanism of the present invention establishes an incoming 
5 connection in its own perimeter as soon as the SYN packet arrives and inserts in 
the classifier so that subsequent packets can be processed on perimeter of the 
new connection. The connection indication may be sent on the listener stream, 
but the accept occurs on a newly created acceptor stream. As a result, there is 
no need to allocate extra data structures for the new acceptor stream since its 

10 known that the necessary data structures were already created when listener 
serviced the connection request. The acknowledgement for the connection 
request can be sent on the acceptor stream. In one embodiment of the 
invention, sockfs does not become single threaded at any time during the accept 
processing, thus increasing the accept rate for new connections, especially while 

15 heavily loaded. 

Embodiments of the present invention, a multi-threaded accept in a 
vertical perimeter communications environment has been described. While the 
present invention has been described in particular embodiments, it should be 
20 appreciated that the present invention should not be construed as limited by such 
embodiments, but rather construed according to the following Claims. 
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The foregoing descriptions of specific embodiments of the present 
invention have been presented for purposes of illustration and description. They 
are not intended to be exhaustive or to limit the invention to the precise forms 
disclosed, and obviously many modifications and variations are possible in light 

5 of the above teaching. The embodiments were chosen and described in order to 
best explain the principles of the invention and it's practical application, to 
thereby enable others skilled in the art to best utilize the invention and various 
embodiments with various modifications as are suited to the particular use 
contemplated. It is intended that the scope of the invention be defined by the 

10 Claims appended hereto and their equivalents. 
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